I don't know what your settings are but it sounds like maybe you are only set to scan on write and not on read?
I'm pretty sure the behavior you describe is true for all antivirus products. If they scanned every file in a folder whenever you looked at a folder, it would take forever to look at folders in explorer. Imagine a folder on a server with several thousand files of many megabytes each...
I guess you have included the solution in your statement:
I created a test folder on the C drive. I excluded the test folder from being scanned; this was to enable me to COPY the EICAR file to the test folder.
The only reason VSE did not detect the EICAR file is because you have added the TEST folder as an Exception and rightly so, VSE will not bother whatever happens in it. However, you did find out that once you copied or moved the file from the TEST folder to any other folder, it did remove it.
I think that sums it up!!!
Just a thought: an antivirus is out there to help the user stay protected. If I, as a user, start making an exception and still expect the AV to find the malicious content, it is a little unfair on my part to expect so. Also, no AV provides guaranteed 100% protection against malware. User discretion is certainly critical.
Thanks for the response, but all the same you missed my line where I said: "I REMOVED the folder from the exclusion." The folder was excluded to copy the EICAR file across; afterwards I removed it from the exclusion list to perform the test. So I am not being judgmental of the technology, it is a technology I support. I only want it to improve.
You have a great point there and I thought as much too. But my point is: should it really be like that? I mean, this is a potentially malicious file sitting free in the folder... Could there not be a light scan that frequently scans all contents of the folder when the folder is read?
Well, my scan settings were set to read and write in the On-Access Scan settings.
This is by design, I believe. When a folder is accessed, unless other applications read the files, McAfee will not detect threats.
For example, upon opening a folder, Explorer will check certain files to find their icon. In this case, because Explorer is reading a file, then a threat will be detected.
There are several reasons why things are done this way:
- The on-access scanner will detect a threat when a file is executed/read, so that ensures that known malware is not run on a machine.
- The additional overhead to scan all files upon folder opening is problematic, and would be a source of many customer complaints.
An ideal compromise that McAfee should be implementing is an option for "Scan USB drives on attach" (or similar), where a scan of the drive is done when a USB key is attached. This also has potential consequences - for example if someone was to attach a 200Gb External Drive that is filled to the brim with files....
So I suppose with the information above, I am curious what you perceive the threat to be, and how things should be managed to both ensure performance is acceptable and risks are mitigated.